4d6b7214ac495ae0cc6a68a50d4d6507_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d6b7214ac495ae0cc6a68a50d4d6507_JaffaCakes118
Size

207KB
MD5

4d6b7214ac495ae0cc6a68a50d4d6507
SHA1

b7d0412f7b752f8ac317d63f8163aa4d3853924e
SHA256

2102f803e43566b56a6322e83457ba0126e9092a18736a429b129b50f3708139
SHA512

932bb04ed815707e2c15bdb1820389328833dc8f9c108607c0bdd36b861df71832aa6d91cac63c823c710989b49aa6122b556deeb23787ce3f32e6bf2f84e88e
SSDEEP

6144:bLRGfeSFC5L/Fg3ZdRqhfqM2+EezbxhCaMsi6Tae:qe7HgpdUhCM2oPLpMgTae

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d6b7214ac495ae0cc6a68a50d4d6507_JaffaCakes118

Files

4d6b7214ac495ae0cc6a68a50d4d6507_JaffaCakes118
.dll windows:4 windows x86 arch:x86

52f9d47342bf693c8a63de436f2a57db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

ws2_32

gethostbyname

ole32

CoTaskMemRealloc

wininet

InternetOpenA

urlmon

URLDownloadToFileA

user32

GetForegroundWindow

gdi32

CreateRectRgn

advapi32

RegOpenKeyA

oleaut32

SysAllocString

Exports

Exports

Always
CallByControl
Downing
GetPlayerVersion
KingS
Stop
playAds

Sections

.text
Size: 197KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE